X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=doc%2Ftinc.conf.5.in;h=acdce0f69372451d5afc7ad50275732d6b893544;hp=ed9709a651ec358f2f9863632cb49fc6987fe3be;hb=f5223937e62e1cc5e9b3d322490dd3af8d666750;hpb=ca989c0c8b19901cbd7664a9d2b42aa85c9c176e diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in index ed9709a6..acdce0f6 100644 --- a/doc/tinc.conf.5.in +++ b/doc/tinc.conf.5.in @@ -114,7 +114,7 @@ If .Qq any is selected, then depending on the operating system both IPv4 and IPv6 or just IPv6 listening sockets will be created. -.It Va AutoConnect Li = yes | no Po no Pc Bq experimental +.It Va AutoConnect Li = yes | no Pq yes If set to yes, .Nm tinc will automatically set up meta connections to other nodes, @@ -177,7 +177,7 @@ line). .Pp If you don't specify a host with .Va ConnectTo -and don't enable +and have disabled .Va AutoConnect , .Nm tinc won't try to connect to other daemons at all, @@ -235,7 +235,8 @@ Do NOT connect multiple daemons to the same multicast address, this will very likely cause routing loops. Also note that this can cause decrypted VPN packets to be sent out on a real network if misconfigured. .It fd -Use a file descriptor. +Use a file descriptor, given directly as an integer or passed through a unix domain socket. +On Linux, an abstract socket address can be specified by using "@" as a prefix. All packets are read from this interface. Packets received for the local node are written to it. .It uml Pq not compiled in by default @@ -312,6 +313,10 @@ This is less efficient, but allows the kernel to apply its routing and firewall and can also help debugging. Incoming packets using the SPTPS protocol are dropped, since they are end-to-end encrypted. .El +.It Va FWMark Li = Ar value Po 0 Pc Bq experimental +When set to a non-zero value, all TCP and UDP sockets created by tinc will use the given value as the firewall mark. +This can be used for mark-based routing or for packet filtering. +This option is currently only supported on Linux. .It Va Hostnames Li = yes | no Pq no This option selects whether IP addresses (both real and on the VPN) should be resolved. Since DNS lookups are blocking, it might affect tinc's @@ -679,7 +684,7 @@ this means that tinc will temporarily stop processing packets until the called s This guarantees that scripts will execute in the exact same order as the events that trigger them. If you need to run commands asynchronously, you have to ensure yourself that they are being run in the background. .Pp -Under Windows (not Cygwin), the scripts must have the extension +Under Windows, the scripts must have the extension .Pa .bat or .Pa .cmd .